I ACKed bug 257880, but still there are some open questions:
- This change was dropped, isn't it necessary any more? If so, why?
* debian/rules: undef _FORTIFY_SOURCE so that it doesn't fail about ignored
chdir() return value.
- as far as I can tell this patch did not get upstream yet, why can it be dropped?
* debian/patches: Add fix_includes_and_printf_usage.dpatch
- #include <limits.h> in {main,ignore_pool}.c to get PATH_MAX and INT_MAX
- local.c: Fix insecure printf usage

If there is just a single patch against the Debian source then
adding a patch system that Debian doesn't have (even if it
was used in the previous Ubuntu version) is overkill.

If however you merge a package where a previous uploader added
a patch system then you may as well keep it.

Yours was a bit of a corner case, and some will disagree with me, but
I took the opportunity to remove the patch system while sponsoring.
You didn't do anything wrong, and the package would have worked
fine.